Dig Deep with
Malware Analysis

See how you can defend your network from targeted attacks, advanced malware and Zero-days with ThreatAnalyzer®, the industry's premier malware analysis sandbox.

ThreatAnalyzer®

Our dynamic malware analysis sandbox (formerly known as CWSandbox) is used to dig deep into malware to reveal its impact on your organization so you can respond quickly – knowing what's happening on your network and what systems or data are at the greatest risk.

Used in the most sensitive environments – including government security, defense and intelligence agencies – ThreatAnalyzer runs executable files and URLs in a monitored environment to identify targeted attacks, Zero-day threats and other sophisticated malware that evades detection by traditional cyber defenses. Within minutes of detonating a malware sample, you will know exactly which system configurations on your network are vulnerable to any threat, enabling you to instantly respond by isolating systems and implementing defenses to prevent data breaches and limit data loss.

Customizable Environments
Recreate your entire application stack (including virtual and native environments) to see exactly how malware will behave across all systems.

Custom Determination Rules
Fine-tune ThreatAnalyzer to be on alert for suspicious behavior that concerns you most to better identify and prevent targeted attacks.

Productivity Multiplier
Malware analysis times reduced from hours or days to just minutes, drastically multiplying the number of samples analyzed in a day.

Analyze Any Malware Threat

FAQsFrequently Asked Questions

Can ThreatAnalyzer support testing files against various versions of software like Adobe Acrobat Reader?

Yes, ThreatAnalyzer allows you to install various versions of software, such as Adobe Acrobat Reader, across your sandbox clients. This allows you to get an understanding of which version of the software is vulnerable in your sandbox environment.

Does ThreatAnalyzer support 64-bit operating environments?

Yes. ThreatAnalyzer enables users to recreate all of their 32- and 64-bit operating system environments – including WoW64 (Windows 32-bit on Windows 64-bit) – for in-depth analysis across their entire application stack, instantly identifying which systems are vulnerable to executed malware samples.

Can your sandbox technology integrate with INeTSim?

If the malware is VM-aware, will it still be analyzed in ThreatAnalyzer?

Yes. We recommend that you implement a hybrid of virtual and physical systems for those VM-aware malware samples.

Does your current sandbox technology have API documentation and formats?

Our API documentation shows you how to use all our API calls from the shell, and example code is provided in Python, Ruby, Perl and PHP, showing how to script calls to the API for various tasks.

Can you submit one sample to multiple sandboxes?

Yes, you may group sandboxes according to whatever criteria you wish (for example, service pack or installed applications), and submit one sample to the first available sandbox in a group or all sandboxes in a group. This may be done via the UI or the API.